On 08.06.2018 18:41, David Sommerseth wrote:
also, what is the latency of your connection?
what are the "raw" vs "vpn" ping times?
Latency is low: raw 8.073 ms, vpn 8.272 ms.
8 ms is pretty good ... that won't cause any bandwidth problems.
Agreed ... but that's probably with smaller ICMP packets (56 bytes or so) ...
does that change if going higher than 1300 (the --fragment, in the config) or
1500? .... both outside and inside the tunnel.
Outside tunnel:
==============
packet size 1428 bytes:
----------------------
# ping vpn.privacyguard.io -q -i 0.2 -c 3000 -s 1400
PING vpn.privacyguard.io (137.74.199.239) 1400(1428) bytes of data.
--- vpn.privacyguard.io ping statistics ---
3000 packets transmitted, 3000 received, 0% packet loss, time 600988ms
rtt min/avg/max/mdev = 7.914/8.119/8.913/0.110 ms
packet size 2528 bytes:
----------------------
# ping vpn.privacyguard.io -q -i 0.2 -c 3000 -s 2500
PING vpn.privacyguard.io (137.74.199.239) 2500(2528) bytes of data.
--- vpn.privacyguard.io ping statistics ---
3000 packets transmitted, 3000 received, 0% packet loss, time 602389ms
rtt min/avg/max/mdev = 8.210/8.651/16.354/0.447 ms
Inside tunnel:
=============
packet size 1428 bytes:
----------------------
# ping 172.31.254.1 -q -i 0.2 -c 3000 -s 1400
PING 172.31.254.1 (172.31.254.1) 1400(1428) bytes of data.
--- 172.31.254.1 ping statistics ---
3000 packets transmitted, 3000 received, 0% packet loss, time 601665ms
rtt min/avg/max/mdev = 8.020/8.358/9.807/0.137 ms
packet size 3028 bytes:
----------------------
# ping 172.31.254.1 -q -i 0.2 -c 3000 -s 3000
PING 172.31.254.1 (172.31.254.1) 3000(3028) bytes of data.
--- 172.31.254.1 ping statistics ---
3000 packets transmitted, 3000 received, 0% packet loss, time 601862ms
rtt min/avg/max/mdev = 8.142/8.430/9.422/0.108 ms
And would be nice to see min/avg/max and stddev of the latency over a longer
period (say 5-10 minutes). Low values and only a small variation would
easily indicate the physical link is good enough.
Ok, done!
P.S.
OVH Anti-DDoS protection don't like fragmented IP packets,
so I must use --fragment and --mssfix options with OpenVPN:
---------- Forwarded message ----------
From: OVH Customer Support Service <supp...@ovh.ie>
Date: Mon, Jan 30, 2017 at 1:52 PM
Subject: [TICKET#4434367013]Anti-DDoS protection false positives
To: g...@ideil.com
Dear customer,
Our team as informed us that you're packets are being blocked because
your VPN settings generates IP fragmentation.
You should fix that by changing that setting in your OpenVPN client
settings.
Fore more informations you should look for some help by searching for
'openvpn fragmentation'. If this is fixed, you won't be blocked again.
Thank you.
----------------------------------------
Without --fragment and --mssfix OVH Anti-DDoS protection in past
block my VPN server for a few tens of minutes several times a week,
almost each week. After --fragment and --mssfix options all work fine.
As I understand from OpenVPN manual, --fragment and --mssfix
is the only one possible workaround and is the best workaround
for this issue with Anti-DDoS, if I want to use OpenVPN with UDP.
--
Best regards,
Gena
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
